scaffold
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard development toolchains (e.g., go build, pytest, npx tsc, cargo build) to verify the integrity of generated scaffolds. This behavior is standard for scaffolding tools and is restricted to the generated project directory.
- [PROMPT_INJECTION]: The skill ingests user-provided inputs such as project names and types. It includes explicit validation logic to ensure project names follow kebab-case, which mitigates risks associated with malicious file naming or directory traversal.
- [EXTERNAL_DOWNLOADS]: While the skill mentions CI/CD configurations that utilize external GitHub Actions (e.g., actions/setup-go), these are part of the generated project templates rather than code executed by the skill itself. The skill neutrally references well-known services for configuration purposes.
Audit Metadata